﻿@using WebMatrix.WebData

@* 如果你要使用绑定，请删除本部分 *@
@section Scripts {
    <script src="~/Scripts/jquery.validate.min.js"></script>
    <script src="~/Scripts/jquery.validate.unobtrusive.min.js"></script>
}

@{
    WebSecurity.RequireAuthenticatedUser();

    Layout = "~/_SiteLayout.cshtml";
    Page.Title = "管理帐户";

    var action = Request.Form["action"];

    bool hasLocalAccount = OAuthWebSecurity.HasLocalAccount(WebSecurity.CurrentUserId);

    string successMessage = "";
    var message = Request.QueryString["message"];
    if (message == "ChangedPassword") {
        successMessage = "已更改密码。";
    } else if (message == "SetPassword") {
        successMessage = "已设置密码。";
    } else if (message == "RemovedLogin") {
        successMessage = "已删除外部登录。";
    }

    var externalLogins =
        (from account in OAuthWebSecurity.GetAccountsFromUserName(WebSecurity.CurrentUserName)
         let clientData = OAuthWebSecurity.GetOAuthClientData(account.Provider)
         select new { Provider = account.Provider, ProviderDisplayName = clientData.DisplayName, UserId = account.ProviderUserId })
        .ToList();
    bool canRemoveLogin = externalLogins.Count > 1 || hasLocalAccount;

    // 设置验证
    if (hasLocalAccount) {
        Validation.RequireField("currentPassword", "“当前密码”字段是必填的。");
        Validation.Add("currentPassword",
            Validator.StringLength(
                maxLength: Int32.MaxValue,
                minLength: 6,
                errorMessage: "当前密码必须至少包含 6 个字符"));
    }
    Validation.RequireField("newPassword", "“新密码”字段是必填的。");
    Validation.Add("confirmPassword",
        Validator.Required("“确认新密码”字段是必填的。"),
        Validator.EqualsTo("newPassword", "新密码和确认密码不匹配。"));
    Validation.Add("newPassword",
        Validator.StringLength(
            maxLength: Int32.MaxValue,
            minLength: 6,
            errorMessage: "新密码必须至少包含 6 个字符"));

    if (IsPost) {
        AntiForgery.Validate();
        if (action == "password") {
            // 处理本地帐户密码操作
            var currentPassword = Request.Form["currentPassword"];
            var newPassword = Request.Form["newPassword"];
            var confirmPassword = Request.Form["confirmPassword"];

            if (Validation.IsValid()) {
                if (hasLocalAccount) {
                    if (WebSecurity.ChangePassword(WebSecurity.CurrentUserName, currentPassword, newPassword)) {
                        Response.Redirect("~/Account/Manage?message=ChangedPassword");
                        return;
                    } else {
                        ModelState.AddFormError("试图更改密码时出错。请与站点所有者联系。");
                    }
                } else {
                    bool requireEmailConfirmation = !WebMail.SmtpServer.IsEmpty();
                    try {
                        WebSecurity.CreateAccount(WebSecurity.CurrentUserName, newPassword, requireEmailConfirmation);
                        Response.Redirect("~/Account/Manage?message=SetPassword");
                        return;
                    } catch (System.Web.Security.MembershipCreateUserException e) {
                        ModelState.AddFormError(e.Message);
                    }
                }
            } else {
                ModelState.AddFormError("密码更改失败。请更正错误并重试。");
            }
        } else if (action == "removeLogin") {
            // 删除外部登录
            var provider = Request.Form["provider"];
            var userId = Request.Form["userId"];

            message = null;
            var ownerAccount = OAuthWebSecurity.GetUserName(provider, userId);
            // 仅当外部登录由当前登录用户拥有并且不是用户上次登录凭据时，才删除该外部登录
            if (ownerAccount == WebSecurity.CurrentUserName && canRemoveLogin) {
                OAuthWebSecurity.DeleteAccount(provider, userId);
                message = "RemovedLogin";
            }
            Response.Redirect(Href("~/Account/Manage", new { message }));
            return;
        } else {
            // 假定这是外部登录请求
            string provider = Request.Form["provider"];
            if (!provider.IsEmpty()) {
                OAuthWebSecurity.RequestAuthentication(provider, Href("~/Account/RegisterService", new { returnUrl = Href("~/Account/Manage") }));
                return;
            }
        }
    }
}
<hgroup class="title">
    <h1>@Page.Title.</h1>
</hgroup>

@if (!successMessage.IsEmpty()) {
    <p class="message-success">
        @successMessage
    </p>
}

<p>你已使用以下身份登录: <strong>@WebSecurity.CurrentUserName</strong>.</p>

@if (hasLocalAccount) {
    <h3>更改密码</h3>
} else {
    <p>
        你没有此站点的本地密码。添加本地密码，以便你无需外部登录即可登录。
    </p>
}

<form method="post">
    @AntiForgery.GetHtml()
    @Html.ValidationSummary(excludeFieldErrors: true)

    <fieldset>
        <legend>
        @if (hasLocalAccount) {
            <text>“更改密码”表单</text>
        } else {
            <text>“设置密码”表单</text>
        }
        </legend>
        <ol>
            @if (hasLocalAccount) {
                <li class="current-password">
                    <label for="currentPassword" @if (!ModelState.IsValidField("currentPassword")) {<text>class="error-label"</text>}>当前密码</label>
                    <input type="password" id="currentPassword" name="currentPassword" @Validation.For("currentPassword")/>
                    @Html.ValidationMessage("currentPassword")
                </li>
            }
            <li class="new-password">
                <label for="newPassword" @if (!ModelState.IsValidField("newPassword")) {<text>class="error-label"</text>}>新密码</label>
                <input type="password" id="newPassword" name="newPassword" @Validation.For("newPassword")/>
                @Html.ValidationMessage("newPassword")
            </li>
            <li class="confirm-password">
                <label for="confirmPassword" @if (!ModelState.IsValidField("confirmPassword")) {<text>class="error-label"</text>}>确认新密码</label>
                <input type="password" id="confirmPassword" name="confirmPassword" @Validation.For("confirmPassword")/>
                @Html.ValidationMessage("confirmPassword")
            </li>
        </ol>
        @if (hasLocalAccount) {
            <button type="submit" name="action" value="password">更改密码</button>
            <p>
                如果已忘记密码，请单击<a href="~/Account/ForgotPassword" title="“忘记密码”页">此处</a>。
            </p>
        } else {
            <button type="submit" name="action" value="password">设置密码</button>
        }
    </fieldset>
</form>

<section id="externalLogins">
    @if (externalLogins.Count > 0) {
        <h3>已注册的外部登录</h3>
        <table>
            <tbody>
            @foreach (var externalLogin in externalLogins) {
                <tr>
                    <td>@externalLogin.ProviderDisplayName</td>
                    <td>
                        @if (canRemoveLogin) {
                            <form method="post">
                                @AntiForgery.GetHtml()
                                <fieldset>
                                    <legend></legend>
                                    <input type="hidden" name="provider" value="@externalLogin.Provider" />
                                    <input type="hidden" name="userId" value="@externalLogin.UserId" />
                                    <button type="submit" name="action" value="removeLogin" title="从帐户中删除此 @externalLogin.ProviderDisplayName 凭据">删除</button>
                                </fieldset>
                            </form>
                        } else {
                            @: &nbsp;
                        }
                    </td>
                </tr>
            }
            </tbody>
        </table>
    }

    <h3>添加外部登录</h3>
    @RenderPage("~/Account/_ExternalLoginsList.cshtml")
</section>
